Distributed denial of service (DDOS, Distributed Denial Of Service) attacks are a type of network attack in which an attacker uses a controller as a springboard to control a large number of infected and controlled attacker hosts, which form an attacker network for launching large-scale denial-of-service attacks on victim hosts. A distributed denial of service attack uses this attacker network to send a large number of service request packets to the victim hosts, so that the victim hosts are busy handling these bursts of requests and cannot respond normally to legitimate user requests. As a result, the victim hosts break down.
The prior art proposes a method of network attack protection that uses a DDOS cleaning device to clean service requests. In this method, an attack detection device detects network attack behavior. When a network attack is found, the DDOS cleaning device is notified. The DDOS cleaning device then instructs a router to send to the DDOS cleaning device all packets that pass through the router and are addressed to the destination server (that is, the victim host). After cleaning the packets, the DDOS cleaning device returns them to the router, and the router sends the cleaned data to the destination server.
During research on the prior art, the inventor finds that the prior-art method of network attack protection mainly protects the victim hosts and performs cleaning only when a large flow of DDOS attack traffic reaches the victim hosts. By that time, however, the large flow of DDOS attack traffic has already blocked the upstream network of the victim hosts, wasting network bandwidth.